There's little difference between the on-site security audits auditors would traditionally conduct with customers and the remote audits conducted in response to the 'rona. You'd follow the same best practices outlined for on-site audits as you would for remote audits, albeit with a few more things to keep in mind:
But if you wanted to the DIY route, you could manage and track everything through whatever tools are easy and the most effective from a time and money standpoint for you and your team. Heck, you could even manage everything through someone's notebook so long as that point person meticulously records and tracks everything.
Hey, I'm not trying to hit you with another "no duh" tip. But when you think about it, security audits are serious business dealing with risky business (but without Tom Cruise).And given all the communication apps that exist, you have no excuses internally to make sure your colleagues are implementing the security controls they've been assigned. And externally, you have no excuses for letting your auditor know about the latest and greatest progress (fun fact: Jose Costa, CISO at Tugboat Logic, and his team of former auditors can attest to the fact that auditors are not "out to get you" and are not looking to fail you – they want you to pass with flying colors!). TL;DR: it's better to over-communicate with everyone involved in the audit process and make sure everyone is on the same page than it is to make assumptions. To quote the legendary thespian Samuel L. Jackson, "...when you make assumptions, you make an a** out of you and umption."
'nuff said.If you're looking to switch, you can take a look at the thorough video conferencing vendor comparison and risk assessment Jose and the Tugboat Labs team conducted when we decided to switch from Zoom to Google Meet.
And that's all we got on the tips side for passing remote audits. It's all common sense knowledge that you already knew!